“Predictive protection is the future of IT security. Sophos has taken a huge step forward by bringing deep learning neural networks into the industry-leading exploit and ransomware protection of Intercept X,” said Dan Schiappa, senior vice president and general manager of products at Sophos.

“Being able to protect against the next unknown attack instead of waiting for it to arrive will change the way IT operations in every organisation can protect their users and assets. Intercept X can bring the most advanced next-generation protection to any organisation, regardless of their current strategy.”

New features in Intercept X include:

Deep Learning Malware Detection

Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures

The model is less than 20MB and requires infrequent updates

Active Adversary Mitigations

Credential theft protection – Prevents theft of authentication passwords and hash information from memory, registry and persistent storage, as leveraged by such attacks as Mimikatz

Code cave utilisation – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance

APC protection – Detects abuse of Asynchronous Procedure Calls (APCs), which adversaries use to get another process to execute malicious code; APC abuse is part of the AtomBombing code injection technique and was more recently used to spread the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar

New and Enhanced Exploit Prevention Techniques

Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system

Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced Application Lockdown

Browser behaviour lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behaviour lockdown

HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser

Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false positives than traditional machine learning.

This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behaviour.

Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronised security capabilities to further enhance protection.

ABOUT INTELLIGENT CIO

Intelligent CIO Africa is a technology intelligence platform aimed at the enterprise IT sector to provide targeted updates and research driven data. As part of Lynchpin Media, this digital medium gives unparalleled advice to the regional community